fluent-plugin-winevtlog 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 238726bd6a49e60ad9e2f165ddbf87b351e0436d
-  data.tar.gz: ba9b3af62d8460e2791a470a1f7fb2807be1f8c0
+  metadata.gz: b4bf063ad3c23a1f8336bce79a9e5e840e2943d8
+  data.tar.gz: 63fee0aa93007cbc2df3e7e0924735aaadcf02e3
 SHA512:
-  metadata.gz: 14da61cc1fa48009ec2e3bec9dce3dc4e5434b2bd628196fd025df8a9cb6f7df683cee73c641f1f836ee929484196c58f2e928f51ced102b3578c77f1f507929
-  data.tar.gz: 9c5136757333abc4c15a322a790fdad842896300024acee918efdc972878d8f7a79a663d62dc9d7ab150fa82fdbfa42d55699cf6875b4e091f5ed54fb7460e3d
+  metadata.gz: dd1167b0b58e23a92fc54981ae5edc8a4956fa5a9ae43f87923fd82f46ea89223fa85565aafd8e4560b1867473d05b47a0a06d4d602991ecad064e687404a154
+  data.tar.gz: e26f0bf0c19ea3b9d8d6c2ab3bd46760c380bda4defa19ab3742f81a65025baf55ead1b0548883aa2ce56a02bf67ca69665e26cb48ae5bd22ac18fd47c25223b

data/README.md

@@ -1,3 +1,64 @@
-# Fluent::Plugin::Winevtlog
+# fluent-plugin-winevtlog
 
+## Component
+
+#### fluentd Input plugin for Windows Event Log
+
+[Fluentd](http://fluentd.org) plugin to read Windows Event Log.
+You must use fluentd 'Windows' brach to use me, and it doesn't work on Linux of course.
+
+## Installation
+    gem install fluent-plugin-winevtlog
+
+## Configuration
+#### fluentd Input plugin for Windows Event Log 
+
+    <source>
+      type winevtlog
+      channel application,system
+      pos_file c:\temp\mypos
+      read_interval 2
+      tag winevt.raw
+    </source>
+    
+
+#### parameters
+
+|name      | description |
+|:-----    |:-----       |              
+|channel   | (option) 'applicaion' as default. one or combination of {application, system, setup, security}. If you want to read setup or security, administrator priv is required to launch fluentd.  |
+|pos_file  | (option, but higly recommended) a path of position file to save record numbers. |
+|read_interval   | (option) a read interval in second. 2 seconds as default.|
+
+
+#### read keys
+This plugin reads follows from Windws Event Log. No customization is allowed currently.
+
+|key|
+|:-----    |
+|record_number   |
+|time_generated|
+|time_written   |
+|event_id   |
+|event_type   |
+|event_category   |
+|source_name   |
+|computer_name  |
+|user   |
+|description   |
+
+
+
+## Etc.
+'read_from_head' is not supporeted currently.You can read newer records after you start first.
+No customize to read information keys.
+
+
+
+
+## Copyright
+####Copyright
+Copyright(C) 2014- @okahashi117
+####License
+Apache License, Version 2.0
 

data/fluent-plugin-winevtlog.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-winevtlog"
-  spec.version       = "0.0.3"
+  spec.version       = "0.0.4"
   spec.authors       = ["okahashi117"]
   spec.email         = ["naruki_okahashi@jbat.co.jp"]
   spec.summary       = %q{Input plugin to read windows event log.}

data/lib/fluent/plugin/in_winevtlog.rb

@@ -1,9 +1,12 @@
 
 require 'win32/eventlog'
+require 'fluent/input'
+require 'fluent/plugin'
+
 include Win32
 
 module Fluent
-  class WinEvtLog < Fluent::Input
+  class WinEvtLog < Input
     Fluent::Plugin.register_input('winevtlog', self)
 
     @@KEY_MAP = {"record_number" => :record_number, 
@@ -48,8 +51,9 @@ module Fluent
     end
 
     def start
+      super
       if @pos_file
-        @pf_file = File.open(@pos_file, File::RDWR|File::CREAT|File::BINARY, DEFAULT_FILE_PERMISSION)
+        @pf_file = File.open(@pos_file, File::RDWR|File::CREAT|File::BINARY)
         @pf_file.sync = true
         @pf = PositionFile.parse(@pf_file)
       end
@@ -66,7 +70,7 @@ module Fluent
     end
 
     def setup_wacther(ch, pe)
-      wlw = WindowsLogWatcher.new(ch, pe, &method(:receive_lines))
+      wlw = WindowsLogWatcher.new(@read_interval, ch, pe, &method(:receive_lines))
       wlw.attach(@loop)
       wlw
     end
@@ -115,7 +119,7 @@ module Fluent
           h = {"channel" => ch}
           @keynames.each {|k| h[k]=r.send(@@KEY_MAP[k]).to_s}
           #h = Hash[@keynames.map {|k| [k, r.send(@@KEY_MAP[k]).to_s]}]
-          Engine.emit(@tag, Engine.now, h)
+          router.emit(@tag, Engine.now, h)
           pe[1] +=1
         end
       rescue
@@ -126,11 +130,11 @@ module Fluent
 
 
     class WindowsLogWatcher
-      def initialize(ch, pe, &receive_lines)
+      def initialize(interval, ch, pe, &receive_lines)
         @ch = ch
         @pe = pe || MemoryPositionEntry.new
         @receive_lines = receive_lines
-        @timer_trigger = TimerWatcher.new(1, true, &method(:on_notify))
+        @timer_trigger = TimerWatcher.new(interval, true, &method(:on_notify))
       end
 
       attr_reader   :ch
@@ -182,7 +186,7 @@ module Fluent
         begin
           numlines = cur_end - old_end
 
-          winlogs = el.read(Windows::Constants::EVENTLOG_SEEK_READ | Windows::Constants::EVENTLOG_FORWARDS_READ, old_end + 1)
+          winlogs = el.read(Win32::EventLog::SEEK_READ | Win32::EventLog::FORWARDS_READ, old_end + 1)
           @receive_lines.call(@ch, winlogs, pe_sn)
 
           @pe.update(pe_sn[0], pe_sn[1])

metadata

@@ -1,69 +1,69 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-winevtlog
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - okahashi117
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-07 00:00:00.000000000 Z
+date: 2016-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: win32-eventlog
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Input plugin to read windwos event log.
@@ -73,7 +73,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -92,17 +92,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: Input plugin to read windows event log.